Albany Medical Center was working hard to take care of its patients and bring a higher level of healthcare to the community. According to most patients, the facility was doing a good job of it. Unfortunately, the medical center’s reputation was recently damaged when one of its own nurses was caught stealing patient identities.

With the help of her boyfriend, a nurse stole over 50 patient identities and applied for hundreds of credit cards in their names. The two identity thieves were eventually caught red-handed with a collection of patients’ names, home addresses, Social Security numbers, credit cards, and gift cards.

Sadly, this is just one of numerous cases in which nurses swiped patient identities for personal financial gain. As a medical facility or administrator, it’s your duty to protect your patients from identity theft. After all, more importantly than harming your reputation as a trusted healthcare provider, medical identity theft puts your patients’ lives at risk. Here’s how to safeguard your facility.

Be Strict About Hiring

Implement well-defined hiring practices to weed out potential threats. For example, run extensive background checks on each applicant to make sure there is no history of criminal activity or association with criminals. Also, only hire personnel that can show their qualifications and have a long list of references—references you actually check up on as well. Reference checks are important for every position, but especially for the nurses who will have regular interaction with patients and their private information.

Stick to Regulations

Your patients are at risk every time employees don’t explicitly follow established protocols and federal privacy regulations. This, of course, includes adhering to the rules governing protected health information under HIPAA. Patient records are a goldmine for identity thieves. They contain all of the information they need to easily commit medical identity theft—names, addresses, birthdates, and Social Security numbers. Patient files may even include credit card information for billing purposes. Make sure you follow all of HIPAA’s strict guidelines for how patient information should be handled to reduce the likelihood of that data falling into the wrong hands.

Implement Control Systems

Set up control systems to eliminate opportunities for medical identity theft to occur at your facility. This includes considering both human and electronic security measures. Create an extensive set of policies and procedures that safeguard patients’ personal information:

• Hire an identity theft protection company that specializes in not only preventing medical identity theft from happening in the first place, but also recovering patient identities after they’re stolen.
• Develop a secure IT network that only allows authorized users to access patient records. Require complex passwords to login to the network, and only share them with those employees who need access.
• Configure computer systems containing patient records to automatically logout a user when a workstation is unattended.
• Add security screens to computers in public areas.
• Hold all members of your staff accountable for complying with HIPAA laws.
• Require staff to participate in annual competency training to keep their patient privacy skills up-to-date.
• Never leave patient records unattended in unsecured areas.
• Regularly shred and securely dispose of printed patient records.
• Audit your system regularly to see which records have been accessed and by whom. If you notice patient records have been accessed after hours or have been accessed repeatedly, call those employees in to question.
• If resources allow for it, hire a full-time privacy and security officer responsible for monitoring, tracking, and protecting patient privacy.

Prevent Medical Identity Theft

If your system is breached and patient identities are stolen, hire a professional identity theft investigator to run the investigation. They stay current on all of the latest medical identity theft methods, and use techniques to quickly find the identity thieves. The last thing you want to do is let the identity theft drag on, putting more patients in harm’s way.

Ultimately, as a reputable medical facility, you have a responsibility to keep your patients’ identities under lock and key. Failure to do so not only threatens patients’ health and finances. Identity theft also has far-reaching legal and financial implications that can put you out of business.

Don’t let identity thieves—whether employees or people outside the organization—wreak havoc in your medical facility. Visit The Identity Advocate for more tips and to learn how to set up a medical identity theft protection plan for your business.